From 37619dd127b8d76858452bac016c40f49cfed094 Mon Sep 17 00:00:00 2001 From: "J. Ryan Stinnett" Date: Sat, 28 Mar 2020 00:21:17 +0000 Subject: [PATCH 1/3] Show red shield for users that become unverified For any users that we previously verified but that are not unverified, we will now mark them and rooms they are in with a red shield. Fixes https://github.com/vector-im/riot-web/issues/12808 --- src/components/views/right_panel/UserInfo.js | 6 ++++-- src/components/views/rooms/MemberTile.js | 6 +++--- src/utils/ShieldUtils.ts | 8 ++++++++ 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/components/views/right_panel/UserInfo.js b/src/components/views/right_panel/UserInfo.js index ee47f08aa2a..a2081dc9e4e 100644 --- a/src/components/views/right_panel/UserInfo.js +++ b/src/components/views/right_panel/UserInfo.js @@ -68,8 +68,10 @@ export const getE2EStatus = (cli, userId, devices) => { return hasUnverifiedDevice ? "warning" : "verified"; } const isMe = userId === cli.getUserId(); - const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified(); - if (!userVerified) return "normal"; + const userTrust = cli.checkUserTrust(userId); + if (!userTrust.isCrossSigningVerified()) { + return userTrust.wasCrossSigningVerified() ? "warning" : "normal"; + } const anyDeviceUnverified = devices.some(device => { const { deviceId } = device; diff --git a/src/components/views/rooms/MemberTile.js b/src/components/views/rooms/MemberTile.js index a0e900b5fca..bf2a1bee231 100644 --- a/src/components/views/rooms/MemberTile.js +++ b/src/components/views/rooms/MemberTile.js @@ -121,10 +121,10 @@ export default createReactClass({ const cli = MatrixClientPeg.get(); const { userId } = this.props.member; const isMe = userId === cli.getUserId(); - const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified(); - if (!userVerified) { + const userTrust = cli.checkUserTrust(userId); + if (!userTrust.isCrossSigningVerified()) { this.setState({ - e2eStatus: "normal", + e2eStatus: userTrust.wasCrossSigningVerified() ? "warning" : "normal", }); return; } diff --git a/src/utils/ShieldUtils.ts b/src/utils/ShieldUtils.ts index 3c7cae8c8de..f427b0b0b65 100644 --- a/src/utils/ShieldUtils.ts +++ b/src/utils/ShieldUtils.ts @@ -5,6 +5,7 @@ interface Client { getUserId: () => string; checkUserTrust: (userId: string) => { isCrossSigningVerified: () => boolean + wasCrossSigningVerified: () => boolean }; getStoredDevicesForUser: (userId: string) => Promise<[{ deviceId: string }]>; checkDeviceTrust: (userId: string, deviceId: string) => { @@ -29,6 +30,13 @@ export async function shieldStatusForMembership(client: Client, room: Room): Pro verified : unverified).push(userId); }); + /* Alarm if any unverified users were verified before. */ + for (const userId of unverified) { + if (client.checkUserTrust(userId).wasCrossSigningVerified()) { + return "warning"; + } + } + /* Check all verified user devices. */ /* Don't alarm if no other users are verified */ const includeUser = (verified.length > 0) && // Don't alarm for self in rooms where nobody else is verified From b53b5cc45de7d70b8686246f2c8037845b1ba2a1 Mon Sep 17 00:00:00 2001 From: "J. Ryan Stinnett" Date: Mon, 30 Mar 2020 15:24:43 +0100 Subject: [PATCH 2/3] Add wasCrossSigningVerified in test --- test/utils/ShieldUtils-test.js | 1 + 1 file changed, 1 insertion(+) diff --git a/test/utils/ShieldUtils-test.js b/test/utils/ShieldUtils-test.js index 949f0ed42bc..66dfab4234f 100644 --- a/test/utils/ShieldUtils-test.js +++ b/test/utils/ShieldUtils-test.js @@ -6,6 +6,7 @@ function mkClient(selfTrust) { getUserId: () => "@self:localhost", checkUserTrust: (userId) => ({ isCrossSigningVerified: () => userId[1] == "T", + wasCrossSigningVerified: () => userId[1] == "T", }), checkDeviceTrust: (userId, deviceId) => ({ isVerified: () => userId === "@self:localhost" ? selfTrust : userId[2] == "T", From 520b4c3e65331913647ceb3fec04333478267174 Mon Sep 17 00:00:00 2001 From: "J. Ryan Stinnett" Date: Mon, 30 Mar 2020 16:33:16 +0100 Subject: [PATCH 3/3] Add tests for was verified case --- test/utils/ShieldUtils-test.js | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/test/utils/ShieldUtils-test.js b/test/utils/ShieldUtils-test.js index 66dfab4234f..5f676579fa6 100644 --- a/test/utils/ShieldUtils-test.js +++ b/test/utils/ShieldUtils-test.js @@ -6,7 +6,7 @@ function mkClient(selfTrust) { getUserId: () => "@self:localhost", checkUserTrust: (userId) => ({ isCrossSigningVerified: () => userId[1] == "T", - wasCrossSigningVerified: () => userId[1] == "T", + wasCrossSigningVerified: () => userId[1] == "T" || userId[1] == "W", }), checkDeviceTrust: (userId, deviceId) => ({ isVerified: () => userId === "@self:localhost" ? selfTrust : userId[2] == "T", @@ -151,7 +151,7 @@ describe("shieldStatusForMembership other-trust behaviour", function() { const client = mkClient(true); const room = { roomId: dm ? "DM" : "other", - getEncryptionTargetMembers: () => ["@self:localhost", "@TF:h", "@TT: h"].map((userId) => ({userId})), + getEncryptionTargetMembers: () => ["@self:localhost", "@TF:h", "@TT:h"].map((userId) => ({userId})), }; const status = await shieldStatusForRoom(client, room); expect(status).toEqual(result); @@ -163,7 +163,19 @@ describe("shieldStatusForMembership other-trust behaviour", function() { const client = mkClient(true); const room = { roomId: dm ? "DM" : "other", - getEncryptionTargetMembers: () => ["@self:localhost", "@FF:h", "@FT: h"].map((userId) => ({userId})), + getEncryptionTargetMembers: () => ["@self:localhost", "@FF:h", "@FT:h"].map((userId) => ({userId})), + }; + const status = await shieldStatusForRoom(client, room); + expect(status).toEqual(result); + }); + + it.each( + [["warning", true], ["warning", false]], + )("2 was verified: returns '%s', DM = %s", async (result, dm) => { + const client = mkClient(true); + const room = { + roomId: dm ? "DM" : "other", + getEncryptionTargetMembers: () => ["@self:localhost", "@WF:h", "@FT:h"].map((userId) => ({userId})), }; const status = await shieldStatusForRoom(client, room); expect(status).toEqual(result);